McAfee Leaks Conference Attendees' Personal Info

Timmy writes "In the cruelest of ironies, e-mail security vendor McAfee has accidentally coughed up the personal details of some 1400 attendees of its recent security conference in Sydney, Australia. Those who were sent the list — attached as a spreadsheet to a thank you e-mail — are far from pleased that such an extraordinary thing could happen. McAfee, which sells products to 'stop sensitive and protected data from leaving the enterprise through email and web traffic' has blamed 'human error' for the blunder and is 'taking steps to ensure it doesn't happen again.' Doh!"

Re:

[Anonymous Coward]

You forgot to attach the spreadsheet to that post ;)

Funny? Maybe not ...

[artgeeq]

Does anyone remember the time McAfee distributed a signature file that caused its software to delete executable binaries from computers? This caused me and many other persons much grief. A few months afterward, a vendor asked me what McAfee could do to make up for such a thing. My response was that that they couldn't, that they should just go out of business.

Re:

[plastbox]

Wohoo! Not only my first first-post but my first Offtopic post as well! (or at least, the first one to get modded as such)

Obligary, but funny

[sopssa]

Wikileaks did the exact same thing [wired.com]. Later someone send the leak to them, and they had to give out those donators info per their rules :) [wikileaks.org]

People working at these positions should really check their emails before they mass send them..

Re:

[aurispector]

This is why I don't want my personal information in any database anywhere.

Re:Obligary, but funny

[hittman007]

This is why I don't want my personal information in any database anywhere.

Good luck with that.

I'm not saying this would be impossible but it would be very difficult to achieve in todays world as you would have to live completly off the grid...

Think about it, how many databases have your personal info (or at least that of someone you live with). Any phone service (Cell or Land Line), Internet service, Electricity, Trash, Water, Natural Gas. These are all databases, and if you ever live on your own all of these will will include your personal info.

Also, do you have a drivers liscense? If you do your state government has your personal info (and thats if they didn't have it already).

Social Security (assuming your not a member of a religion that has contrary religous beliefs), congrats, the government has you on a list and, while this list doesn't directly include any personal information, what is the one thing that will get someone all the info they will ever want about you?

You wouldn't happen to own a car or house? Or do you live in an appartment with your name on the lease??

Do you have a job that pays other than cash?

Do you have a credit card?

These are just the lists that come to mind offhand, if I put my mind to it I'm sure I can think of more...

Re:

[WML MUNSON]

Actually, it's not that hard to be off the grid entirely. Take your pick of any third-world country. Some are quite nice and the living standards can be rather luxurious.

Re:

[aurispector]

Oh, I know it's impossible, but a man can dream, can't he?

Title error

[RPoet]

Title should say "attendees'", not "attendee's".

Re:

[thePowerOfGrayskull]

Actually its Attendees' since they are plural and their information was lost

That's really very funny, you're the third person to correct the poster by replying with exactly what s/he had already posted. Too, you've fallen victim to Muphry's law [wikipedia.org] in your own post...

Title should say "attendees'", not "attendee's".

Let me re-paste the same quote, and add the space which reveals that which you all have failed to see...

Title should say "attendees' ", not "attendee's".

Re:Title error

[UNHOLYwoo]

I second the grammar nazi.

S*** happens

[indre1]

Things like this even happen to the best of us.

Re:

[$RANDOMLUSER]

Extraordinary

You keep using that word. I do not think it means what you think it means.

Re:

[Vexor]

Well McAfee certainly isn't amoung the best of us...

Evolution

[Methos137]

Further proof that no matter how good of a system we design, the universe will design a better idiot to use it.

Oops!

[mcgrew]

Irony indeed. This will certainly lose them a lot of customers. You have to wonder how good a security company can be if they could pull a boner like this one. It's going to take quite a while for them to recover from this.

However, I'm sure they will. Sony's rootkit never put them out of business, Jack in the Box is still selling hamburgers despite poisoning many of their customers (as well as a lot of other food sellers selling poisoned food), etc.

Re:

[billcopc]

You're making the assumption that the people reading this are actual or potential customers. I've got no hard data, but given the quality, performance and reliability of McAfee's products, I'd venture a guess that no sane Slashdotter would dare use their software unless forced upon by some corporate idiocracy responsible for his/her paycheque.

I remember the good old days, when all of McAfee's commercial (paid) releases were available from their own FTP server, simply by logging in as "anonymous". No regis

Re:

[yoshi_mon]

IMO the risk would come from CTO reading about this, via some blurb in his/her business/tech journal, and saying wtf.

While end users with one or a few computers are important for sales keep in mind the people that have power over large numbers of computers are more what the OP I think was getting at.

Re:

[certain death]

Or if you were licensed, the username and password were licensed/321. Those silly security minded folks were not very security minded back in the day...

Re:

[COMON$]

I use EPO and 8.5i and love it. I am quite sane as well FWIW. However their home products are pretty shoddy. I should add as well that I think most /.ers are kids in their basements pretending to be adults. The number of people posting on here with actual experience or actual administrators of networks and or geek jobs is relatively small I would wager.

Re:

[mcgrew]

I don't know, I've run across quite a few geezers here. And there are different kinds of nerds; an electrical engineer or an astronomer would not be competent to administer a network.

You can tell the youngsters, they mostly post as "anonymous coward" and try for that all important first post.

Then there are cross-domain arguments; I had one with an intelligent fellow a few days ago, a math geek, that couldn't see past the numbers and visualize what the numbers actually represented. I'm sure he couoold comput

Re:

[thenickdude]

So! They laugh at my boner, will they?! I'll show them! I'll show them how many boners McAfee can make!

Re:

[TheSpoom]

How dare you sully the bacon ultimate cheeseburger by comparing it to Sony! I just wish they'd move further north :^\

Re:

[hercubus]

Irony indeed. This will certainly lose them a lot of customers...

As long as there continue to be Microsoft-leaning IT shops there will continue to be McAfee AV. We have this shite at work and it really gets a chubby going after Java and Firefox. It's like Steve Ballmer setup the config personally. McAfee is definitely carrying Microsoft's water for them. More like carrying buckets of piss to pour on anything non-MS. Our IT manager just loves this steaming pile.

Re:

[mcgrew]

No, it's what your mommie uses to make your shirties flat.

Dear Ms Morissette

[whisper_jeff]

Dear Ms Morissette,

This is irony. Please take note.

Yours truly

Re:Dear Ms Morissette

[Nevynxxx]

I find the song in question paradoxical. It's ironic that a song called ironic, contains so little irony. But perhaps that is why the song is named as it is, and the irony is intentional, but then it wouldn't be ironic as it was designed that way, bringing us back to the beginning.

<~head explodes~>

Re:

[DNS-and-BIND]

It's more like she's an idiot who had no idea what irony was when she wrote the song. The education level of so-called educated people is shockingly low. Lack of knowledge of literary concepts for a songwriter is just the beginning.

Well, obviously...

[Kuroji]

McAfee's marketing department leaked it, because they were testing the old 'bad publicity is worse than no publicity' theory.

Results so far are not promising.

they're just trying to get more business

[OrangeMonkey11]

"Human Error"

Security is a human issue

[PhunkySchtuff]

Further proof that security is a human problem. Technology can help in some areas, and hinder in others, but at the end of the day it's the monkey at the keyboard banging out the works of Shakespeare that is the weak link in the chain.

Computers would be secure against viruses if people didn't open attachments or surf to dodgy sites. Phishing emails wouldn't work if people didn't reply to them, same goes for 419 scams.

Security is a human issue, it's not a technological issue and a purely technical solution will never work 100%.

Re:

[Halotron1]

Sounds like the old Dancing Bunnies [msdn.com] problem.

The user wants to see the dancing bunnies, so they click there. It doesn't matter how much you try to disuade them, if they want to see the dancing bunnies, then by gum, they're going to see the dancing bunnies. It doesn't matter how many technical hurdles you put in their way, if they stop the user from seeing the dancing bunny, then they're going to go and see the dancing bunny.

The Dinosaurs WILL escape

[dangle]

Somewhat related, I work on an institutional review board that reviews human studies submissions for a large university. One main dichotomy that is used to classify protocols is the concept of "minimal risk" vs. "greater than minimal risk," minimal risk defined somewhat loosely as risks encountered in everyday life.

Accidental sharing of protected health information is considered a risk of many of these studies that collect sensitive information. We continue to subsequently review incidents in which protecte

Re:

[dangle]

I agree completely, and "expected" doesn't equal "acceptable."

As I sometimes tell patients when the Hospital has committed a relatively minor transgression against them: "If it makes you feel any better, we treat everyone this badly."

Re:

[SkipFrehly]

But does that mean that our personal information shouldn't be protected from being leaked by means that most would consider grossly negligent? Someone had to click "Attach File" at some point. That same person had to click that send button, probably after realizing that attaching the spreadsheet with everyone's email on it wasn't the same as CCing everyone.

To me, this is, inherently, an issue of human error. Overworked, exhausted, undercoffee'd PR guy who just finished a, more than likely, exhausting and

Re:

[dave562]

Its a corporate culture problem. Given a close to 20% real unemployment rate in this country, there isn't any excuse for having a non/poorly trained fool handling sensitive customer information. I'm sure that there are plenty of unemployed people who could do the task in question without messing it up. The sad thing is that they'd probably jump at the opportunity to make the peanuts worth of pay that McAfee was probably paying the person who screwed it up.

Re:

[dangle]

Yeah, this is exactly the kind of conversation our committee has had on multiple occasions, maybe I'm being too cynical, but it just seems guaranteed (and therefore should be expected and anticipated) that well-meaning people are capable of inadvertently breaking any security system we come up with, let alone the non-well-meaning people.

Re:

[SkipFrehly]

Really though, the coffee cup already says "Caution: Hot!" Does that need to be supplemented by "Hot things can burn you, and burns hurt."

When I was a kid, all it took was my mom to say 'Santa's watching..." That would freeze me in my tracks even in June.

Tech solution to a social problem

[Thaelon]

This is why there's no such thing as a technical solution to a social problem.

Here's another example: My company instituted a policy where recipient names would not auto complete on the To/CC fields - enforced through the domain security policy - to prevent people from sending stuff meant for one client to another.

Less than 48 hours later someone sent a sensitive email to the wrong client anyway.

sucks to be the person who sent the email

[MITpianoman]

"taking steps to ensure it doesn't happen again" = someone is getting fired

I don't know which is worse

[petes_PoV]

They were using their own products and they failed. Or if they weren't using their own products - why not?

RTFA!!!

[DoofusOfDeath]

I actually READ TFA.

Turns out the summary was pretty accurate.

Just thought I'd mention that.

Re:

[rodeoclownii]

It is completely accurate. We had two guys at work go to the conference, and both of them got sent an email with a excel spreadsheet listing all the details of all the attendees of the conference. Whoops indeed.

Re:

[jank1887]

Every professional conference I've been do has provided an attendees list as part of the welcome kit (including the program, CD with papers/presentations, etc.). I get crap from vendors every once in a while. But not too much. Was this McAffee leaked information more than just contact info?

Well I can see their stock price crashing !

[hesaigo999ca]

3....2.....1.....
Ok who wants to buy my McAffee stock options for 1/10th of their worth, anybody,....anybody....???

The wrong bunch of people...

[leprkhn]

to send that particular information to... Or about, for that matter. The thought makes me smile. Not only did they send a bunch of personal information out via e-mail, but they sent it to a bunch of hackers. Not only did they send a bunch of personal information to a bunch of hackers via email, but it was the personal information of those very hackers.

Let's dance the PEBKAC again

[FreakUnique]

Once again PEBKAC and the Human Element proves to be the bane of the person trying to make computer data secure. I face this every day and to this day I still wonder how the hell my parents don't get more infections then they currently do. Wait that would be me making sure their antispyware and antivirus is up to date every time their backs are turned.

It does help that I drummed in safe surfing practices into their heads.

Customer passwords stored unencrypted

[linear a]

I just went to my McAfee account and used the forgot password link. Either my password was stored unencrypted or it is one of those rare words that hashes to itself.

Isn't this the 2nd time for McAfee?

[Xingzoa]

Didn't this happen last year as well??

How are they still around?

[dave562]

When will McAfee just shrivel up and die? Their software sucks and it seems like this is at least the second or third seriously high profile mistake on their part. Does anyone really buy McAfee security products, or do they simply scrape by with the revenue from renewals on OEM pre-installs? I don't know a single IT person who looks at McAfee software when considering corporate security products.

Cruel Irony? Hardly.

[PingXao]

I'd call it a Darwinian development. Anyone putting their security in McAfee pretty much deserves what they get.